← Back to home

Privacy Policy

Last updated: March 2026

1. What We Collect

We collect information you provide directly when you use NudgeFlow:

  • Account information: Your name, email address, and business name when you sign up.
  • Invoice and client data: Invoice details you create, including client names, email addresses, phone numbers, and WhatsApp contact numbers that you enter for the purpose of sending payment reminders.
  • Payment information: Subscription payments are processed by Razorpay. We do not store your card or bank details. We receive confirmation of successful payments from Razorpay. If you connect your Razorpay account to generate payment links for your clients, we store only your Razorpay API credentials in encrypted form.
  • Usage data: Basic usage information such as pages visited, actions taken within the app, and error logs. This is used solely to improve the service.

2. How We Use Your Information

  • To provide and operate the NudgeFlow service — creating invoices, managing payment links, and tracking invoice status.
  • To send payment reminders to your clients via email, WhatsApp, or SMS on your behalf, using contact information you have provided.
  • To process your subscription billing through Razorpay.
  • To send you transactional emails related to your account (e.g., signup confirmation, billing receipts).
  • To diagnose technical issues and improve the platform.

We do not sell your data. We do not use your data or your clients' data for advertising.

3. Third-Party Services

We use the following third-party services to operate NudgeFlow:

  • Supabase — Our database and authentication provider. Your account data, invoice data, and application data are stored on Supabase-managed PostgreSQL databases hosted on AWS infrastructure. Supabase is SOC 2 Type II compliant.
  • Razorpay — Processes subscription payments for your NudgeFlow plan. If you use NudgeFlow to generate payment links for your clients, Razorpay also processes those payments directly to your account. Razorpay is PCI-DSS compliant. Their privacy policy governs the data they collect during payment processing.
  • Resend — Sends transactional emails on our behalf, including invoice emails and payment reminders to your clients.
  • Twilio — Sends WhatsApp messages and SMS reminders to your clients on your behalf, using contact information you have entered into NudgeFlow.

Each of these providers has their own privacy policy and data processing practices. We share only the minimum data necessary for them to perform their function.

4. Data Retention

We retain your account data and invoice data for as long as your account is active. If you request account deletion by emailing us at support@nudgeflow.in, we will delete your personal data within 30 days, except where we are required to retain it for legal or accounting purposes.

Client contact data (phone numbers, email addresses) that you entered is deleted along with your account or upon your explicit request.

5. Communications to Your Clients

NudgeFlow sends payment reminder communications — via email, WhatsApp, and SMS — only to contacts whose information you have entered into the platform. By entering a client's contact details, you confirm that you have the appropriate consent or a legitimate business basis to contact them regarding outstanding invoices.

NudgeFlow does not use your clients' contact information for any purpose other than sending reminders on your behalf. We do not contact your clients for marketing or any other purpose.

6. Your Rights

Under applicable Indian data protection law, including the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your personal data.
  • Withdraw consent for the processing of your personal data (note: this may affect your ability to use the service).

To exercise any of these rights, email us at support@nudgeflow.in. We will respond within a reasonable time.

7. Security

We implement industry-standard security measures to protect your data. API credentials (such as Razorpay keys) that you provide are stored in encrypted form. Access to production data is restricted. Our infrastructure providers (Supabase, Vercel) maintain their own security certifications.

No method of transmission over the internet or electronic storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. If you become aware of any security issue, please contact us immediately at support@nudgeflow.in.

8. Children

NudgeFlow is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify you via email. Continued use of NudgeFlow after changes are posted constitutes your acceptance of the revised policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

NudgeFlow

Email: support@nudgeflow.in

India